Don't just give a one-line answer; explain why your answer is right, ideally with citations. It provides authentication and authorization mechanisms as well as a framework within which other related services can be deployed (AD Certificate Services, AD Federated Services, etc).
Group Policy Objects (GPOs) can then be linked to OUs to centralize the settings for various users or computers across an organization.
When people say "Active Directory" they typically are referring to "Active Directory Domain Services." It is important to note that there are other Active Directory roles/products such as Certificate Services, Federation Services, Lightweight Directory Services, Rights Management Services, etc.
This answer refers specifically to Active Directory Domain Services. Objects in separate forests are not able to interact with each other, unless the administrators of each separate forest create a trust between them.
For example, an Enterprise Administrator account for , even if those forests exist within the same LAN, unless there is a trust in place. The first domain in a forest is known as the forest root domain.
I find myself explaining some of what I assume is common knowledge about it almost daily.
This question will, hopefully, serve as a canonical question and answer for most basic Active Directory questions.
If you feel that you can improve the answer to this question, please edit away.
We're looking for long answers that provide some explanation and context. Maybe a canonical is in order @MDMarra Active Directory Domain Services is Microsoft's Directory Server.
If you have multiple disjoint business units or have the need for separate security boundaries, you need multiple forests. In many small and medium organizations (and even some large ones), you will only find a single domain in a single forest.